Lets take a look at what routes Artisan created for the Widgets module by default. Navigate to the Elentra API via the Elentra ME installation as we did before. Do this from inside the Docker container.

# log into the Docker container
docker exec -it elentra-developer bash
# navigate to Elenta API via the composer installation location
cd /var/www/vhosts/elentra-1x-me/www-root/core/library/vendor/elentrapackages/elentra-1x-api
# list the routes for the widget module
php artisan route:list --path=widgets

This will give you a single route:

+--------+----------+-------------+------+---------+--------------+
| Domain | Method   | URI         | Name | Action  | Middleware   |
+--------+----------+-------------+------+---------+--------------+
|        | GET|HEAD | api/widgets |      | Closure | api,auth:api |
+--------+----------+-------------+------+---------+--------------+

We need to make some adjustments here. Laravel assumes all API routes will start with /api/, but in Elentra we don't use that convention. Edit the file Widgets/Providers/RouteServiceProvider.php, and remove the 'prefix' directive in the mapApiRoutes() function:

Next, change the initial route for the Widget module so it gives us a helpful message. Edit the file Widgets/Routes/api.php and replace the commented out return method with an echo. Also remove the call to middleware('auth:api'). The Route::get() function should now look like:

To test this, open a browser of your choice, and try to navigate to the route for the Widget module, which will be http://elentra-1x-me/api/v2/widgets. You should see your message now.

Lets take a look at the routes now, using php artisan route:list --path=widgets

+--------+----------+---------+------+---------+------------+
| Domain | Method   | URI     | Name | Action  | Middleware |
+--------+----------+---------+------+---------+------------+
|        | GET|HEAD | widgets |      | Closure | api        |
+--------+----------+---------+------+---------+------------+

Now the URI no longer has the api prefix. You can also see that the middleware is different from before, because we removed the 'auth:api' middleware. Lets add back in the correct authentication middleware, but we will do it in a way that it will apply to all routes in this module

Again edit Widgets/Providers/RouteServiceProvider.php, and change the 'middleware' from 'api' to '['api', 'api_auth']. This middleware ensures that the caller is logged in and that the token is valid. After these changes, the mapApiRoutes() function should look like:

Now check the routes again with php artisan route:list --path=widgets

+--------+----------+---------+------+---------+--------------+
| Domain | Method   | URI     | Name | Action  | Middleware   |
+--------+----------+---------+------+---------+--------------+
|        | GET|HEAD | widgets |      | Closure | api,api_auth |
+--------+----------+---------+------+---------+--------------+

The api_auth middleware is now added, and your routes will now have to be authenticated.

With the middleware corrected, try to access the route again from the browser. This time you should get an error:

This is a great point to set up Postman to test your API routes, because you will have to first login to get the token needed for any access to the Widget module, now that the routes are secured.